From eb4b233e33ee60dc35bbe18688bbcfa0953d7f62 Mon Sep 17 00:00:00 2001
From: James Magahern <james@magahern.com>
Date: Thu, 25 Jun 2026 23:08:35 -0700
Subject: [PATCH] Resolve CI signing keychain path

---
 ios/fastlane/Fastfile | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/ios/fastlane/Fastfile b/ios/fastlane/Fastfile
index 3abf4c5..803f01a 100644
--- a/ios/fastlane/Fastfile
+++ b/ios/fastlane/Fastfile
@@ -7,6 +7,7 @@ APP_IDENTIFIER = "net.buzzert.sybil2"
 SCHEME = "Sybil"
 TEAM_ID = "DQQH5H6GBD"
 PROFILE_NAME = "Sybil AppStore CI"
+SIGNING_IDENTITY = "Apple Distribution: James Magahern (DQQH5H6GBD)"
 MATCH_BRANCH = "master"
 IOS_ROOT = File.expand_path("..", __dir__)
 PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj")
@@ -43,7 +44,7 @@ platform :ios do
     create_keychain(
       path: keychain_path,
       password: keychain_password,
-      default_keychain: true,
+      default_keychain: false,
       unlock: true,
       timeout: 3600,
       lock_after_timeout: false,
@@ -52,6 +53,9 @@ platform :ios do
 
     resolved_keychain_path = ["#{keychain_path}-db", keychain_path].find { |path| File.exist?(path) } || keychain_path
 
+    sh("security default-keychain -s #{resolved_keychain_path.shellescape}", log: false)
+    sh("security list-keychains -d user -s #{resolved_keychain_path.shellescape}", log: false)
+
     ENV["MATCH_KEYCHAIN_NAME"] = resolved_keychain_path
     ENV["MATCH_KEYCHAIN_PASSWORD"] = keychain_password
   end
@@ -70,7 +74,7 @@ platform :ios do
     identities = sh("security find-identity -v -p codesigning #{keychain_path.shellescape}", log: false)
     UI.message(identities)
 
-    unless identities.include?("Apple Distribution: James Magahern (DQQH5H6GBD)")
+    unless identities.include?(SIGNING_IDENTITY)
       UI.user_error!("The CI keychain does not contain the expected Apple Distribution signing identity")
     end
   end
@@ -143,7 +147,7 @@ platform :ios do
     sync_match_signing(readonly: true)
     verify_ci_signing_identity
 
-    build_app(
+    build_options = {
       project: PROJECT_FILE,
       scheme: SCHEME,
       export_method: "app-store",
@@ -152,7 +156,16 @@ platform :ios do
           APP_IDENTIFIER => PROFILE_NAME
         }
       }
-    )
+    }
+
+    if ENV["CI"]
+      build_options[:xcargs] = [
+        "CODE_SIGN_IDENTITY=#{SIGNING_IDENTITY.shellescape}",
+        "OTHER_CODE_SIGN_FLAGS=#{("--keychain #{ENV.fetch("MATCH_KEYCHAIN_NAME")}").shellescape}"
+      ].join(" ")
+    end
+
+    build_app(build_options)
 
     upload_to_testflight(
       api_key: api_key,